I could be easily convinced to move to storing md5 passwords as the default going
forward. iirc, the reason that I picked des-crypt passwords was to ease transition
from other systems coughbugzillacough which already used crypted passwords.
The only requirement would be that the new system be able to verify against
existing crypted passwords and, perhaps, replace them with md5ed passwords on
-jOn Wed, Feb 27, 2002 at 04:40:02PM -0500, Darrin Walton wrote:
|+ Assuming RT uses des-crypt for its passwords, then its not a problem. DES-
|+ Crypt only deals with the first eight bytes of a given password string, the
|+ rest is thrown away. By the way, I think its lame that RT uses des-crypt
|+ passwords, it should use md5 or sha1.
Supply a patch for RT that does md5 and/or sha1, and gives the user an
option within the config.pm to pick which crypt method to use.
Also, supply a program that would convert existing des-crypt to an
md5/sha1 password in the database
rt-devel mailing list
http://www.bestpractical.com/products/rt – Trouble Ticketing. Free.